Machines Lose Domain Membership

We just completed a network migration, all servers are win 2k3 and clients XP Pro sp2. We have experienced some machines losing their domain membership periodically for no reason. A good number of these machines are hubs. We suspect that there are communication issues and/or issues with these machine accounts and passwords. There is nothing in the logs that gives a clue as to what is happening. Anyone seen this before? Suggestions?

All Comments

I would be looking at the servers for the problem. Depending on what is installed on these, it sounds as if you are experiencing synchronization problems that are allowing some units to drop off the network.

You'll have to look in the permissions of the server(s) and reset these to what is required.

A little more info may have generated a more informed answer but that is the best that I can come up with without knowing more as I do not know what to tell you to change.

Not sure what losing domain membership actually means. When a computer joins a domain the local machine is now part of the domain and not a workgroup. Depending upon what authentication protocol is used for the domain [like Kerberos], the local machine has a SID [computer account] it uses to identify itself to the domain during authentication. The computer account is not the same as a user account.

If you're having problems with users being able to log on or communicate with the DC, look first at hardware to rule out faulty cables, NICs, RJ45 sockets, and the like. Then look at the authentication methods.

When you say that the machines are "hubs" did you mean they are intelligent switches?

Or did you mean they are computers acting as routers?

One of the things to check on your network is that ports 135-138 are not locked down. If they are, the RPC secure channel will fail and the systems will "drop" off the domain, but will remain visible in AD. When the tombstone period is reached (60 days, unless you have changed it), the object will be removed from Active Directory.

More information is needed to assist you with this issue, but I suspect that it is the RPC secure channel one that has been endlessly discussed in this forum.
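The secure-channel check the post refers to, as an added example that is not part of the thread: the script below tests the client's Netlogon secure channel, probes the TCP ports a domain-joined client needs to reach on its DC, lists the Netlogon events that normally accompany a dropped machine account, and (if the RSAT ActiveDirectory module is installed) reads the account's last password change and the forest's tombstone lifetime. `$Domain` and `$DC` default from the logon environment; the names in the comments (corp.example.com, DC01) are placeholders. `Test-ComputerSecureChannel` needs PowerShell 3.0 or later; on XP/2003 only the `nltest` and event log parts run.

```powershell
# Added example, not code from the thread: verify a workstation's secure channel to
# its domain, test the TCP ports the post mentions, and pull the Netlogon events that
# usually accompany a "dropped" machine account. Run in an elevated PowerShell on the
# affected client. The names in comments (corp.example.com, DC01) are assumed placeholders.
param(
    [string]$Domain = $env:USERDNSDOMAIN,                      # e.g. corp.example.com
    [string]$DC     = ($env:LOGONSERVER -replace '^\\\\', ''), # e.g. DC01
    [switch]$Repair                                            # reset the channel if it is broken
)

function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 2000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $ar = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $ar.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($ar)
        return $true
    } catch { return $false }
    finally { $client.Close() }
}

# 1. Reachability. 135 is the RPC endpoint mapper, 139/445 carry the Netlogon named
#    pipe, 88 and 389 are Kerberos and LDAP. 137 and 138 (NetBIOS name/datagram) are
#    UDP and cannot be probed with a TCP connect, so check those on the firewall itself.
Write-Host "== TCP reachability to $DC =="
foreach ($port in 88, 135, 139, 389, 445) {
    $state = if (Test-TcpPort -ComputerName $DC -Port $port) { 'open' } else { 'BLOCKED or unreachable' }
    Write-Host ("  {0,5}  {1}" -f $port, $state)
}

# 2. The secure channel as Netlogon itself reports it. A healthy channel ends with
#    "Status = 0 0x0 NERR_Success"; anything else means the machine account password
#    no longer matches what the DC holds, or no DC could be reached.
Write-Host "`n== nltest /sc_query:$Domain =="
$sc = nltest /sc_query:$Domain 2>&1
$sc | ForEach-Object { Write-Host "  $_" }
$healthy = [bool]($sc | Select-String -SimpleMatch 'NERR_Success')

# 3. PowerShell 3.0+ wraps the same check and can reset the machine account password
#    in place, without the workgroup-and-rejoin dance, when -Repair is given.
if (Get-Command Test-ComputerSecureChannel -ErrorAction SilentlyContinue) {
    $healthy = Test-ComputerSecureChannel -Server $DC
    Write-Host "`nTest-ComputerSecureChannel: $healthy"
    if (-not $healthy -and $Repair) {
        $cred = Get-Credential -Message "Account allowed to reset this computer's password"
        $healthy = Test-ComputerSecureChannel -Repair -Server $DC -Credential $cred
        Write-Host "After repair: $healthy"
    }
}

# 4. Netlogon writes to the System log even when nothing else does. 5719 = no DC
#    could be contacted at startup, 3210 = the machine account failed to authenticate.
Write-Host "`n== NETLOGON errors/warnings in the System log (newest 200 entries scanned) =="
Get-EventLog -LogName System -Source NETLOGON -Newest 200 -ErrorAction SilentlyContinue |
    Where-Object { $_.EntryType -ne 'Information' } |
    Select-Object -First 10 TimeGenerated, EventID,
        @{ n = 'Message'; e = { $_.Message.Substring(0, [Math]::Min(120, $_.Message.Length)) } } |
    Format-Table -AutoSize

# 5. With the RSAT AD module present, show when the DC last recorded a password change
#    for this account (clients rotate it every 30 days by default) and the tombstone
#    lifetime the post refers to, read from the forest's Directory Service object.
if (Get-Module -ListAvailable ActiveDirectory) {
    Import-Module ActiveDirectory
    Get-ADComputer -Identity $env:COMPUTERNAME -Server $DC -Properties PasswordLastSet, LastLogonDate |
        Select-Object Name, Enabled, PasswordLastSet, LastLogonDate | Format-List
    $cfg = (Get-ADRootDSE -Server $DC).configurationNamingContext
    $ds  = Get-ADObject "CN=Directory Service,CN=Windows NT,CN=Services,$cfg" -Server $DC -Properties tombstoneLifetime
    $ttl = if ($ds.tombstoneLifetime) { $ds.tombstoneLifetime } else { '60 (attribute unset, pre-2003-SP1 forest default)' }
    Write-Host "tombstoneLifetime: $ttl days"
}
```

Run it once without `-Repair` to see which of the three layers (port reachability, Netlogon's own status, event log) is failing; a client that shows `NERR_Success` but still cannot be reached by RDP has a different problem than one whose secure channel is actually broken. `-Repair` resets the machine account password against the DC named in `-Server`, which is the same thing the workgroup-and-rejoin procedure achieves, without the reboot.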

Based on your commentary, I have a better understanding of the issue you are seeing. Pull the DCDIAG tool off the Windows CD or download it from Microsoft (it's free) and then run the following command line:

dcdiag /v /e /f:dcdiagLOG.txt /ferr:dcdiagERROR.txt

Search to see what errors are being reported by the domain controller. This will give us a better idea of what is happening.
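An added example, not part of the post, of running the dcdiag command above and turning its output into something searchable: dcdiag ends every test with a line of the form `......................... DC01 passed test Connectivity` (or `failed test`), so the script below runs the command with the same file names, parses those result lines into objects, summarizes passed/failed per DC, and prints the verbose block for each failed test. It assumes dcdiag.exe is on the path (a DC, or a machine with the AD DS tools); the DC and test names are whatever the log contains.

```powershell
# Added example, not code from the post: run dcdiag with the switches given above and
# turn the per-test result lines into objects so failures can be listed by DC and test
# before opening the full verbose log. The file names match the post; nothing else here
# comes from it. Run on a DC or a box with the AD DS tools installed.
param(
    [string]$LogPath = (Join-Path $PWD 'dcdiagLOG.txt'),
    [string]$ErrPath = (Join-Path $PWD 'dcdiagERROR.txt'),
    [switch]$SkipRun   # parse an existing pair of files instead of running dcdiag again
)

if (-not $SkipRun) {
    & dcdiag.exe /v /e "/f:$LogPath" "/ferr:$ErrPath" | Out-Null
}

function ConvertFrom-DcdiagLog {
    # Result lines look like:
    #   ......................... DC01 passed test Connectivity
    #   ......................... DC01 failed test Replications
    param([string[]]$Lines)
    $pattern = '^\s*\.+\s+(?<dc>\S+)\s+(?<result>passed|failed)\s+test\s+(?<test>\S+)'
    foreach ($line in $Lines) {
        if ($line -match $pattern) {
            New-Object PSObject -Property @{
                DC     = $Matches.dc
                Test   = $Matches.test
                Result = $Matches.result
            }
        }
    }
}

function Get-DcdiagTestDetail {
    # Return the verbose block for one DC/test pair: from "Starting test: <name>" under
    # the matching "Testing server: <site>\<dc>" header up to that test's result line.
    param([string[]]$Lines, [string]$DC, [string]$Test)
    $currentDC = $null
    $out = $null
    $escTest = [regex]::Escape($Test)
    foreach ($line in $Lines) {
        if ($line -match 'Testing server:\s+.*\\(?<dc>\S+)\s*$') { $currentDC = $Matches.dc }
        if ($currentDC -eq $DC -and $line -match "Starting test:\s+$escTest\s*$") { $out = @() }
        if ($null -ne $out) {
            $out += $line
            if ($line -match "\s(passed|failed)\s+test\s+$escTest\s*$") { return $out }
        }
    }
}

$log     = Get-Content $LogPath
$results = @(ConvertFrom-DcdiagLog -Lines $log)
$failed  = @($results | Where-Object { $_.Result -eq 'failed' })
$dcCount = @($results | Select-Object -ExpandProperty DC -Unique).Count
Write-Host ("dcdiag recorded {0} test results across {1} DC(s); {2} failed." -f $results.Count, $dcCount, $failed.Count)

# Per-DC summary line: name, counts, and the names of the failed tests
$results | Group-Object DC | ForEach-Object {
    $f = @($_.Group | Where-Object { $_.Result -eq 'failed' } | Select-Object -ExpandProperty Test)
    "{0,-20} {1,3} passed {2,3} failed  {3}" -f $_.Name, ($_.Count - $f.Count), $f.Count, ($f -join ', ')
}

# Verbose detail for each failure, so the error file can be read in context
foreach ($r in $failed) {
    Write-Host "`n--- $($r.DC) / $($r.Test) ---"
    Get-DcdiagTestDetail -Lines $log -DC $r.DC -Test $r.Test | ForEach-Object { "  $_" }
}
Write-Host "`nErrors only: $ErrPath"
```

`/e` tests every DC in the enterprise, so on a multi-DC domain the per-DC summary is the quickest way to see whether one DC (for example the one the affected clients are talking to) is the odd one out. Re-run with `-SkipRun` to re-parse the same files after reading them.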

Sorry, the machines are not hubs themselves, but some are ON hubs. In other words, the offices where some of the machines reside did not have enough drops to get back to our switches. Therefore, we used some dumb hubs to connect machines and printers in some locations. Not all of our problems are with these machines, but it seems to happen more frequently to machines on hubs. We are not blocking any ports specifically. We do have Windows Firewall enabled on most machines, but there are a few that have lost their domain memberships that do not have the firewall on. Some of the machine accounts are still in AD after they lose their memberships, some are not. The problem is very inconsistent and happens every day to random machines. A few machines have lost their membership multiple times, only a day or two apart.

Check TOE

Not sure if this applies to you but I've seen this problem before. Firstly though do the machines go back onto the domain after a reboot?

If this is the case, check that TOE is turned off on the NIC. Some switches don't support it and I've seen servers drop off the domain, but after a reboot they work for a couple of days before having to reboot again.
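The TOE check from the post, as an added example that is not the poster's own script: Windows calls TCP offload "TCP Chimney", and on Server 2003 SP2 / XP it is controlled by the Scalable Networking Pack registry values `EnableTCPChimney`, `EnableRSS` and `EnableTCPA` under `Tcpip\Parameters`; Vista through 2012 R2 expose the same switch through `netsh int tcp`, and Windows 8 / 2012 and later also show the per-adapter driver offload properties through `Get-NetAdapterAdvancedProperty`. The script reports whichever of the three apply to the box and, with `-Disable`, turns them off. The per-adapter display name `TCP Connection Offload*` is vendor-specific and assumed here; use whatever the report lists.

```powershell
# Added example, not code from the post: show whether TCP offload (TOE / "TCP Chimney")
# is enabled and, with -Disable, turn it off. Registry values are the 2003 SP2 / XP
# Scalable Networking Pack switches; netsh covers Vista through 2012 R2; the
# NetAdapter cmdlets cover Windows 8 / 2012 and later. The per-adapter display name
# 'TCP Connection Offload*' is vendor-specific and assumed. Reboot after changing the
# registry values.
param([switch]$Disable)

$TcpipKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$SnpValues = 'EnableTCPChimney', 'EnableRSS', 'EnableTCPA'

function Get-OffloadState {
    # Registry switches (0 = off, 1 = on; absent = the OS/driver default applies)
    foreach ($name in $SnpValues) {
        $v = (Get-ItemProperty -Path $TcpipKey -Name $name -ErrorAction SilentlyContinue).$name
        New-Object PSObject -Property @{
            Source  = 'registry'
            Setting = $name
            Value   = $(if ($null -eq $v) { 'not set (OS/driver default)' } else { $v })
        }
    }
    # Vista+: output lines look like "Chimney Offload State : disabled"
    if (Get-Command netsh.exe -ErrorAction SilentlyContinue) {
        netsh int tcp show global | ForEach-Object {
            if ($_ -match '^\s*(Chimney Offload State|Receive-Side Scaling State|Direct Cache Access \(DCA\))\s*:\s*(\S+)') {
                New-Object PSObject -Property @{ Source = 'netsh'; Setting = $Matches[1]; Value = $Matches[2] }
            }
        }
    }
    # Windows 8 / 2012+: per-adapter driver properties
    if (Get-Command Get-NetAdapterAdvancedProperty -ErrorAction SilentlyContinue) {
        Get-NetAdapterAdvancedProperty -DisplayName '*Offload*' -ErrorAction SilentlyContinue | ForEach-Object {
            New-Object PSObject -Property @{ Source = $_.Name; Setting = $_.DisplayName; Value = $_.DisplayValue }
        }
    }
}

function Disable-Offload {
    foreach ($name in $SnpValues) {
        Set-ItemProperty -Path $TcpipKey -Name $name -Value 0 -Type DWord
    }
    if (Get-Command netsh.exe -ErrorAction SilentlyContinue) {
        # Builds without the chimney option just report an error here; that is fine.
        netsh int tcp set global chimney=disabled | Out-Null
    }
    if (Get-Command Set-NetAdapterAdvancedProperty -ErrorAction SilentlyContinue) {
        # Vendor-specific display name (assumed); adjust to what Get-OffloadState listed.
        Get-NetAdapterAdvancedProperty -DisplayName 'TCP Connection Offload*' -ErrorAction SilentlyContinue |
            Set-NetAdapterAdvancedProperty -DisplayValue 'Disabled'
    }
}

Get-OffloadState | Select-Object Source, Setting, Value | Format-Table -AutoSize
if ($Disable) {
    Disable-Offload
    Write-Host 'Offload disabled. Reboot for the registry change to take effect, then re-run without -Disable to confirm.'
}
```

Run it first without `-Disable` on a machine that drops off and on one that does not; if only the affected machines (or only the ones behind the hubs) show offload enabled, that is the correlation the post describes. Disabling offload trades some CPU for predictability on links where the switch, or a dumb hub, does not cooperate with the NIC's offload engine.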

Computer dropping off the domain.

I have this issue that occurs in one room. This room is also in another building. The other rooms don't have this problem. However, the problem room does not have problems with all the PCs. I think 1/3 of them have this problem. I recently remoted into one PC, patched it and rebooted it, and then I could no longer remote into it. I could however log into the domain from the box locally and could RDP out from that PC to PCs, servers, etc. in other rooms and buildings. I decided to delete the computer object from Active Directory and then create a new computer object, go to the PC, put it in a workgroup, restart it and then join it to the domain again. This worked fine; I had access from the machine and it could be remoted into. However, once the PC was rebooted by the remote user, it could not be remoted into. I should add that the records in DNS are fine and I don't see any duplicate objects anywhere nor any conflicting IP addresses. These workstations use static IP addresses.
